[Sept 20, 2018]
An all-in-one, destructive malware strain has been discovered in the wild that features multiple malware capabilities including ransomware, cryptocurrency miner, botnet, and self-propagating worm targeting Linux and Windows systems.
Dubbed XBash, the new malware, believed to be tied to the Iron Group.
According to the researchers from security vendor Palo Alto Networks, who uncovered the malware, XBash is an all-in-one malware that features ransomware and cryptocurrency mining capabilities, as well as worm-like ability similar to WannaCry or Petya/NotPetya.
In addition to self-propagating capabilities, XBash also contains a functionality, which is not yet implemented, that could allow the malware to spread quickly within an organization’s network.
Developed in Python, XBash hunts for vulnerable or unprotected web services and deletes databases such as MySQL, PostgreSQL, and MongoDB running on Linux servers, as part of its ransomware capabilities.
Cyber Security Tips:
- Change default login credentials on your systems.
- Use strong and unique passwords.
- Keep your operating system and software up-to-date.
- Avoid downloading and running untrusted files or clicking links.
- Take backup of their data regularly.
- Prevent unauthorized connection using a firewall.